[Secure-testing-commits] r14428 - data/CVE
michael.s.gilbert at gmail.com
Thu Apr 8 01:10:13 UTC 2010
On Wed, 7 Apr 2010 18:51:40 +0000 Moritz Muehlenhoff wrote:
> Author: jmm-guest
> Date: 2010-04-07 18:51:40 +0000 (Wed, 07 Apr 2010)
> New Revision: 14428
> - suspicious cert turned out to be from RSA
> - webkit triage: one dupe, one chrome-only issue
> CVE-2010-0659 (The image decoder in WebKit before r52833, as used in Google Chrome ...)
> - chromium-browser <itp> (bug #520334)
> - - webkit 1.1.21-1 (low)
> - - qt4-x11 <undetermined> (low)
> - - kdelibs <undetermined> (low)
> - - kde4libs <undetermined> (low)
> + - webkit <not-affected> (Chrome-specific vulnerability)
when i initially triaged this issue, i found no evidence suggesting
this to be chrome-specific. the vulnerable code is in
WebCore/platform/image-decoders/gif, which is not platform-specific.
also, the debian package doesn't depend on an external gif library.
can you shed some light on the additional info that you have? thanks.
More information about the Secure-testing-commits